On my Domain Controllers I am getting this failure audit and found the
solution below from eventid.net. Does anyone have any feelings about
this solution?
Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 12/29/2004
Time: 6:07:59 AM
User: MYDOMAIN\MYMAILSERVER$
Computer: MYDC
Description:
Object Open:
Object Server: DS
Object Type: configuration
Object Name: CN=Configuration,DC=MYDOMAIN,DC=ORG
New Handle ID: -
Operation ID: {0,869841286}
Process ID: 300
Primary User Name: MYDC$
Primary Domain: MYDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: MYMAILSERVER$
Client Domain: MYDOMAIN
Client Logon ID: (0x0,0x311C2325)
Accesses Control Access
Privileges -
Properties:
DELETE
READ_CONTROL
SYNCHRONIZE
ACCESS_SYS_SEC
MAX_ALLOWED
Write Property
List Object
%%7690
%%7694
%%7695
Manage Replication Topology
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
This event was logged every 1 minute by our exchange 2000 server on our
Domain Controller Security Log. I found that the "Recipient Update
Service (Enterprise Configuration)" was the one triggering the failure.
I went into ADSIedit and gave "Exchange Enterprise Servers" permissions
to "CN=Configuration,DC=internal,DC=net" now the same event is logged as
success. I gave Full Control since I don't know what permissions I
should give the group.
Justin A. Salandra
MCSE Windows 2000, MCSA Windows 2003
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
